CODEWITHSUNDEEP
phpapache
Russell Neufeld
Russell Neufeld

Reputation: 183

How can I set REMOTE_ADDR in apache before php is invoked?

I have a website set up with nginx acting as a reverse proxy to apache 2.2, which is running php. From apache and php's perspective the IP address of all requests is the nginx server. I'd like php to see the same remote IP that nginx sees.

Nginx sets a header X-Real-IP which contains the remote IP that nginx sees. I tried doing something like this in the apache conf:

SetEnvIf ^X-Real-IP$ "(.+)" REMOTE_ADDR=$1

My hope was that I could set the REMOTE_ADDR environment variable and when php finally gets invoked, it would see the remote IP that nginx sees. I think the php code is doing this:

$_SERVER['REMOTE_ADDR']

Anyway, this isn't working. Can you not set REMOTE_ADDR in the apache config file?

Upvotes: 14

Views: 48938

Answers (10)

Stan S.
Stan S.

Reputation: 277

I use the linux statement in Apache 2.4

sudo a2enmod remoteip

Upvotes: 0

Dave
Dave

Reputation: 101

With Apache 2.4 you can define which field is used for that. https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html

Upvotes: 0

Pascal MARTIN
Pascal MARTIN

Reputation: 401062

Not sure whether REMOTE_ADDR can be changed that way...


Actually, you might need to install / enable another Apache module, like mod_rpaf (quoting) :

It changes the remote address of the client visible to other Apache modules when two conditions are satisfied.
First condition is that the remote client is actually a proxy that is defined in httpd.conf.
Secondly if there is an incoming X-Forwarded-For header and the proxy is in it's list of known proxies it takes the last IP from the incoming X-Forwarded-For header and changes the remote address of the client in the request structure.
It also takes the incoming X-Host header and updates the virtualhost settings accordingly.
For Apache2 mod_proxy it takes the X-Forwared-Host header and updates the virtualhosts

Here's a blog-post about that : Nginx proxy to Apache - access remote host IP address using mod_praf

Update: original link not working right now, but it is available also as a debian package: apt-get install libapache2-mod-rpaf

Upvotes: 16

wacto
wacto

Reputation: 11

mod_rpaf (sudo apt-get install libapache2-mod-rpaf)

resolved all issues and REMOTE_ADDRR now looks Ok!..

Upvotes: 1

Trevorw
Trevorw

Reputation: 39

Apache (requires mod_headers module): 

SetEnvIf X-Real-IP "^(\d{1,3}+\.\d{1,3}+\.\d{1,3}+\.\d{1,3}+).*" XFF_CLIENT_IP=$1
RequestHeader set REMOTE_ADDR %{XFF_CLIENT_IP}e

REF for SetEnvIf RegEx: https://stackoverflow.com/a/10346093

Works also but doesn't verify input as IP: 

SetEnvIf X-Real-IP "^(.*)" XFF_CLIENT_IP=$1
RequestHeader set REMOTE_ADDR %{XFF_CLIENT_IP}e

In PHP: 

$_SERVER["HTTP_REMOTE_ADDR"]

-or-

$_SERVER["REMOTE_ADDR"]

No non-core Apache modules required

Upvotes: 3

mileusna
mileusna

Reputation: 672

I have solved this using mod_remoteip for Apache. mod_remoteip is for Apache 2.5 but thanks to this guy you can use it on Apache 2.2.x as well.

Download mod_remoteip.c from https://gist.github.com/1042237 and compile it with 

apxs -i -a -c mod_remoteip.c

This should create mod_remoteip.so copy in the modules directory. apxs will also add LoadModule directive in your httpd.conf for newly created module.

Open httpd.conf and check does LoadModule directive for mod_remoteip exists

LoadModule remoteip_module    modules/mod_remoteip.so

Add RemoteIPHeader directive in httpd.conf

RemoteIPHeader X-Forwarded-For

This directive will instruct mod_remoteip to use X-Forwarded-For value from nginx as remote_addr. You can also use X-Real-IP instead:

RemoteIPHeader X-Real-IP

Restart the Apache. If you have set the proxy headers in nginx it will work like a charm and remote_addr in Apache will be correct

# nginx conf    
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Upvotes: 11

Yasuo Ohgaki
Yasuo Ohgaki

Reputation: 21

You may try this simple PHP module

https://github.com/yohgaki/realip

It simply rewrites $_SERVER['REMOTE_ADDR'] with X-Forwarded-For or X-Real-IP whatever header you like. You can accomplish this with many different method, but I just would like to do it as PHP module. So I wrote it.

Upvotes: 2

n_are_q
n_are_q

Reputation: 133

You probably want to use this actually: http://httpd.apache.org/docs/2.3/mod/mod_remoteip.html. Has quite a bit more features and is maintained by apache themselves.

Edit: I was referring to the mod_rpaf suggestion above.

Upvotes: 0

danp
danp

Reputation: 15251

Off the cuff.. but could you pass the header X-Real-IP as a variable to the php using some rewrite magic..? Can't htaccess do stuff with header information before it invokes PHP?

Upvotes: 0

Pekka
Pekka

Reputation: 449555

I don't know whether REMOTE_ADDR can be manipulated - it could be that it can't - but you should be able to get hold of the X-Real-IP header within PHP through something like

$_SERVER["HTTP_X_Real_IP"]

or similar - check phpinfo() for the correct notation.

Also, Apache environment variables set in .htaccess should be visible in PHP.

Upvotes: 1

Related Questions